Re: how could i make "them" understand that security IS important ?
by Dog and Pony (Priest) on Sep 11, 2002 at 22:40 UTC [id://197107]
Well, I wonder... how are the parameters used? Are they passed to the shell or used for SQL queries? Or are the parameters just checked by name to see what they contain, with following actions, and anything leftover not ever used? There is a big difference - although, for total honesty one could argue that this could change later.
Under perl, -T will get you very far with answering these questions too. I have to repeat what others have said here: you can not trust the client, even if it isn't just a browser, but something closed source and compiled. It is not exactly hard (usually) to capture whatever the client is sending and mimic/"enhance" that yourself. If you are worried about extra parameters doing any harm, filter server-side! Always! Anything client-side is just cosmetics. :)

This also reminded me about this node by merlyn. It is a good laugh about undoubtedly real security flaws. :)

You have moved into a dark place. It is pitch black. You are likely to be eaten by a grue.
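The server-side filtering under -T that the reply recommends, as an added example (not code from the thread): only parameter names the script knows about are kept, each value is untainted by an allow-list regex, and the result is passed to the list form of system() so no shell is involved. It assumes a plain name=value&name=value query string with no URL-encoding and the hypothetical names "report" and "page".

```perl
#!/usr/bin/perl -T
# Run as:  QUERY_STRING='report=weekly&extra=weekly;rm+-rf+/' perl -T filter.pl
use strict;
use warnings;

# Under -T everything from outside the program (here %ENV) is tainted;
# perl refuses to pass tainted data to system(), exec(), open() for
# writing, and so on.
$ENV{PATH} = '/usr/bin:/bin';       # -T also insists on a trusted PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Assumption: a plain name=value&name=value query with no URL-encoding
# (a real CGI would decode first). Only names listed here are kept;
# anything else the client sends is ignored, whatever it contains.
my %want = (
    report => qr/\A(daily|weekly|monthly)\z/,   # allow-list, not a deny-list
    page   => qr/\A([1-9][0-9]{0,2})\z/,
);

sub filter_params {
    my ($query) = @_;
    my %clean;
    for my $pair (split /&/, $query // '') {
        my ($name, $value) = split /=/, $pair, 2;
        next unless defined $name && exists $want{$name};   # unknown name: dropped
        # A successful capture is what untaints a value under -T; the
        # pattern is the validation, so only acceptable values come out.
        my ($ok) = ($value // '') =~ $want{$name};
        $clean{$name} = $ok if defined $ok;
    }
    return \%clean;
}

my $p = filter_params($ENV{QUERY_STRING});
die "missing or invalid report parameter\n" unless defined $p->{report};

# Safe to use: untainted, from a fixed set, and handed to the list form
# of system() so no shell ever sees it.
system('/bin/echo', "generating $p->{report} report") == 0
    or die "command failed: $?\n";

# The raw value would never get this far: with -T, a line such as
#   system("generate $ENV{QUERY_STRING}");
# dies with "Insecure dependency in system while running with -T switch".
```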